package com.liu.nb.config;

import com.liu.nb.security.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
/*
@name:
@description:security配置类
@author: lzy
@title: 天王盖地虎!!!
@time:  2021-08-07 12:38:36
*/
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
//    白名单，这些请求不会被拦截
    private static final String[] URL_WHITELIST = {"/login","/logout","/captcha","/favicon.ico"};
    @Autowired
    private LoginFailureHandler loginFailureHandler;
    @Autowired
    private LoginSuccessHandler loginSuccessHandler;
    @Autowired
    private CaptchaFilter captchaFilter;
    @Autowired
    private JwtAccessDeniedHandler jwtAccessDeniedHandler;
    @Autowired
    private JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
    @Autowired
    private UserDetailServiceImpl userDetailServiceImpl;
    @Autowired
    private JwtLogoutSuccessHandler logoutSuccessHandler;
    @Bean
    JwtFilter jwtFilter(){
        JwtFilter jwtFilter= null;
        try {
            jwtFilter = new JwtFilter(authenticationManager());
        } catch (Exception e) {
            e.printStackTrace();
        }
        return jwtFilter;
    }
    @Bean
    BCryptPasswordEncoder bCryptPasswordEncoder(){
        return new BCryptPasswordEncoder();
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and()
                //关闭csrf防护
                .csrf().disable()
        //登录配置
        .formLogin()
                //登录成功的配置
                .successHandler(loginSuccessHandler)
                //登录失败的配置
                .failureHandler(loginFailureHandler)
        .and()
        //退出配置
        .logout()
            .logoutSuccessHandler(logoutSuccessHandler)
        //禁用session
        .and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        //配置拦截规则
        .and()
//                所有请求都必须被认证
                .authorizeRequests()
                .antMatchers(URL_WHITELIST).permitAll()
                .anyRequest().authenticated()
        //配置自定义过滤器
        .and()
//        在验证用户名和密码前先判断验证码是否正确
        .addFilter(jwtFilter())
        .addFilterBefore(captchaFilter, UsernamePasswordAuthenticationFilter.class)
        .exceptionHandling()
        .authenticationEntryPoint(jwtAuthenticationEntryPoint)
        .accessDeniedHandler(jwtAccessDeniedHandler)
        ;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailServiceImpl);
    }

}
